Bug bounty presence & max payout

QuickSwap's assessment for RD-F-007 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No active Immunefi program for QuickSwap (cache immunefi_slug: null; Immunefi search returned no QuickSwap listing). QuickSwap ran: (a) $50K UI alpha bounty (2022, Google Forms), (b) $100K V3 beta bounty (Sep 2022, Google Forms, team discretion, paid in QUICK, time-limited 'until V3 mainnet launch'). Neither program is currently active at assessment date (May 2026). At $451M TVL, absence of a formal active bug bounty program at max payout >=50K with defined scope is a red finding.

Sources #

URL
$100K V3 Bug Bounty Announcement — QuickSwap Medium$100K V3 beta bounty — time-limited, Google Forms, expired at V3 mainnet launchretrieved 2026-05-16
Docs
QuickSwap Security DocumentationQuickSwap security docs — no current bounty program link foundretrieved 2026-05-16

Methodology #

Check whether a public bug bounty program is active for this protocol and record the maximum payout in USD.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol quickswap factor RD-F-007 score red collected_at 2026-05-16 08:48:31